[Openstack] Keystone Design Session - Fine Grained Access Control

: a. Which resource groups the policies apply to 6. Services should make a call available to introspect which servers, files, etc make up that resource group Looking forward to your comments the discussion! Thanks, Joe Savak ___ Mailing list: https

Re: [Openstack] Keystone Design Session - Fine Grained Access Control

@lists.launchpad.net] On Behalf Of Jay Pipes Sent: Tuesday, April 02, 2013 9:58 AM To: openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone Design Session - Fine Grained Access Control On 04/02/2013 09:51 AM, Joe Savak wrote: I'd like to propose a design session on Fine Grained Access

Re: [Openstack] [openstack-dev] Fwd: [keystone] Tokens representing authorization to projects/tenants in the Keystone V3 API

that are likely to occur. Thanks, joe -Original Message- From: heckj [mailto:he...@mac.com] Sent: Tuesday, November 13, 2012 3:59 PM To: Joe Savak Cc: OpenStack Development Mailing List; openstack@lists.launchpad.net (openstack@lists.launchpad.net) Subject: Re: [Openstack] [openstack-dev

Re: [Openstack] [openstack-dev] Fwd: [keystone] Tokens representing authorization to projects/tenants in the Keystone V3 API

Will user-scoped token include the full service catalog? Also, I thought the consensus was to allow the API contract to be flexible on how many tenants we can scope the token to. The ref impl can enforce 1 tenant-scoped token. Are we diverging from this? Thanks, joe -Original

Re: [Openstack] Fwd: [openstack-dev] [keystone] Tokens representing authorization to projects/tenants in the Keystone V3 API

Your suggestion to it optional (it being a token scoped to multiple projects). :) From: Adam Young [mailto:ayo...@redhat.com] Sent: Monday, October 22, 2012 9:57 PM To: Jorge Williams Cc: Joe Savak; OpenStack Development Mailing List; openstack@lists.launchpad.net Subject: Re: [Openstack] Fwd

Re: [Openstack] Fwd: [openstack-dev] [keystone] Tokens representing authorization to projects/tenants in the Keystone V3 API

be considered valid. I would like the world to know that we are affectionately calling such tokens sloppy tokens and Joe Savak has adopted the nickname of Sloppy Joe for championing them. Allowing it as an option is fine, but I would not recommend that this become the norm, or that we enable

[Openstack] (no subject)

___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp

[Openstack] REPOSE - at 3:40/Wednesday in Maggie (OpenStack summit)

Come learn about Repose - Restful HTTP proxy service helping with rate limiting and client authentication http://openrepose.org/ Introducing Repose: http://www.rackspace.com/blog/introducing-repose-the-restful-proxy-service-engine/ A more technical look at Repose:

Re: [Openstack] [Keystone] What exactly are we modeling with endpoints?

a service to have an endpoint. Same with 3 duplicate endpoints - a use case could come up and the core contract should be flexible enough with these things. From: Joseph Heck [mailto:he...@me.com] Sent: Wednesday, April 25, 2012 11:47 AM To: Nguyen, Liem Manh Cc: Joe Savak; openstack

Re: [Openstack] [Keystone] What exactly are we modeling with endpoints?

Having endpoints under the service construct is supposed to make it easier to programmatically find the endpoint(s) you are interested in. For example - as nova client I can parse the service catalog and identity nova by service-type compute in order to get the public, internal, and admin

Re: [Openstack] Repose project?

Hi Liem! Jorge team have been busy on it and have developed the resources below. Docs: http://openrepose.org/documentation.html Wiki: http://wiki.openrepose.org/display/REPOSE/Home Code: https://github.com/rackspace/repose Thanks, Joe From:

[Openstack] Request for review - Keystone RBAC calls

Hi Stackers, Keystone has an RBAC prototype on its roadmap for e-1 and we'd like to get your feedback on the blueprint for it (https://blueprints.launchpad.net/keystone/+spec/rbac-keystone). OS-RBAC, a keystone extension, will allow Nova, Swift, Glance, and Dashboard to manage

Re: [Openstack] RBAC handled by keystone or each services ?

Hi Kuo, RBAC is a hot topic at Essex right now with a few sessions to explicitly discuss them: http://essexdesignsummit.sched.org/event/2610368e1c5bd0e52982777f75baafb5 http://essexdesignsummit.sched.org/event/2d4b84fe8559d6a144897a1d53adbb9e

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

Mark Bryan, I haven't forgotten about this and included it on the keystone wiki so we won't lose track of it during Essex planning. http://wiki.openstack.org/keystone Thanks, Joe -Original Message- From: openstack-bounces+joe.savak=rackspace@lists.launchpad.net

Re: [Openstack] API documentation move

I like it and +1 for identity-api since it will have both authZ and authN capabilities. From: openstack-bounces+joe.savak=rackspace@lists.launchpad.net [mailto:openstack-bounces+joe.savak=rackspace@lists.launchpad.net] On Behalf Of Anne Gentle Sent: Wednesday, September 07, 2011 6:57

[Openstack] Keystone - call for blueprints (for Essex)

Hi all, We are hard at work getting Keystone documentation and core functionality in place for the Diablo release. That doesn't mean we aren't thinking ahead to Essex. You'll notice under the keystone wiki (http://wiki.openstack.org/keystone) a call for blueprints. Please peruse

Re: [Openstack] Keystone and SCIM - Simple Cloud Identity Management

I haven't heard of this before, but it sounds interesting. Possibly capable of providing the core (non-extension) CRUD operations for user management in Essex. On that note, I updated the keystone wiki (http://wiki.openstack.org/keystone ) with links to potential blueprints for Essex. I'll